Hackers Wirelessly Crash Car's Computer At Highway SpeedsS

A team of university researchers has been able to hack into a car's warning systems via wireless sensors, sending fake tire pressure messages at highway speeds and eventually frying an onboard computer. The dawn of the carhacker approaches.

We've told you before about experiments to hack into the increasingly complicated programming in modern vehicles. How complicated? A typical luxury sedan will carry three miles of wiring, scores of processors and close to 100 million lines of software code, or roughly 20 times more than used in a F-35 Joint Strike Fighter.

Those previous experiments showed what could be done with a physical connection to a vehicle's computer. The new work by teams from the University of South Carolina and Rutgers tried a different tack: spoofing the wireless sensors in wheels used by tire pressure monitoring systems, required in all new U.S. vehicles since 2008.

The researchers didn't find a wide-open door so much as the security employed by a 1920s speakeasy: once they learned the secret knock, the unidentified test car's controls let them in no questions asked. The team sent fake warning messages from 40 meters away, and in another experiment, got the test car to flash a warning that a tire had lost all pressure while beaming the signal from another car as both drove 68 mph.

Because each sensor uses a unique ID tag, it was also possible to track specific vehicles, in a way that would be far less noticeable than roadside cameras.

The hacked car usually reset its warnings after the spoofed messages stopped. But after two days of tests, the electronic control unit for the tire monitors fell off its twig and had to be replaced by a dealer. The researchers note that it took several hours of graduate-level engineering to devise their tools and crack into the monitors, but that the actual technology for doing so cost about $1,500.

The teams suggest some basic software rules could provide at least a lookout for the speakeasy door. it's not the auto equivalent of the Conficker worm, but such experiments suggest the tools for an actual hack may exist. Thankfully, many Americans already have a strong defense of ignorance: Nearly half apparently don't understand what a tire pressure warning light looks like, and a third don't even know such systems exist.

(19th Usenix Security Symposium via ArsTechnica)

Photo Credit: AutoSEC